On Mon, Jan 08, 2024 at 08:05:38PM -0600, Gustavo A. R. Silva wrote: > > > Gustavo quoted: > > > "Under FORTIFY_SOURCE we should not copy data across multiple members > > > in a structure." > > > > > > Reported-by: syzkaller <[email protected]> > > > Suggested-by: Vegard Nossum <[email protected]> > > > Suggested-by: Gustavo A. R. Silva <[email protected]> > > > Signed-off-by: Harshit Mogalapalli <[email protected]> > > > > Thanks for getting this fixed! > > > > Yeah, it's a "false positive" in the sense that the code was expecting > > It's a false positive _bug_, and a legitimate _warning_ coming from fortified > memcpy().
It really feels like you're trying to sell the cost of this as a good thing... We've already merged fortify so why are you still fighting about this? Now that it's merged, let's just all admit that false positives are bad. I feel like once we recognize that actually false positives are bad as opposed to good then that's when we start looking for solutions. In Smatch, I have code that silences warnings about cross member writes because it was a common source of false positives... The Kconfig entry does not mention the risk of false positives at all and it doesn't say anything about turning on fortify along with CONFIG_PANIC_ON_OOPS is probably bad. There are simple things we could do to make this less risky. regards, dan carpenter
